I am using the script from here to set up rules that ensure the user transmission-daemon can only send traffic through the VPN I use. At least that is what the author says. I cannot make sense of the output below. For example, what does the line tcp spt:9091 owner GID match debian-transmission mean? And why does this rule see no traffic?
Note: my Ethernet interface is enp3s0 (i.e. eth0).
$ sudo iptables -L -v
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
436 35225 f2b-sshd tcp -- any any anywhere anywhere multiport dports ssh
1085 221K ACCEPT all -- tun0 any anywhere anywhere
2913 923K ACCEPT all -- enp3s0 any anywhere anywhere
112 12221 ACCEPT all -- lo any anywhere anywhere
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 all -- any any anywhere anywhere
Chain OUTPUT (policy ACCEPT 4540 packets, 1267K bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- any enp3s0 anywhere 192.168.100.0/25 tcp spt:9091 owner GID match debian-transmission
0 0 ACCEPT udp -- any enp3s0 anywhere 192.168.100.0/25 udp spt:9091 owner GID match debian-transmission
2263 202K ACCEPT all -- any tun0 anywhere anywhere owner GID match debian-transmission
12 2581 ACCEPT all -- any lo anywhere anywhere owner GID match debian-transmission
0 0 REJECT all -- any any anywhere anywhere owner GID match debian-transmission reject-with icmp-port-unreachable
The rule:
IF the packet is going to any IP in the range 192.168.100.0 - 192.168.100.127 AND the protocol is tcp AND the source port is 9091 AND the owner of the packet is debian-transmission AND its destination is the network interface enp3s0, THEN the packet is ACCEPTed; ELSE go to the next iptables rule.
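To make the same reading mechanical for every line of the listing, here is an added example (my own code, not from the question or the answer): a small parser for `iptables -L -v` output that turns each rule into the "ACCEPT if A AND B AND C, otherwise next rule" sentence above, and reports the pkts/bytes counters, which count the packets that have matched that rule so far. The `Chain`/`Rule` names and the explanation wording are my own choices; the sample listing is the one from the question, embedded so the script runs offline.

```python
"""Explain `iptables -L -v` output rule by rule (added example)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Protocol names that can appear in the "prot" column.
PROTOS = {"all", "tcp", "udp", "icmp", "udplite", "sctp"}

# Chain headers: built-in chains carry a policy, user chains a reference count.
POLICY_RE = re.compile(r"^Chain (\S+) \(policy (\S+) (\d+) packets, (\S+) bytes\)$")
USERCHAIN_RE = re.compile(r"^Chain (\S+) \((\d+) references\)$")

@dataclass
class Rule:
    pkts: int
    bytes: str                 # iptables prints K/M suffixes, keep as text
    target: Optional[str]      # None when the rule only counts packets
    proto: str
    in_if: str
    out_if: str
    src: str
    dst: str
    extras: List[str] = field(default_factory=list)   # match-extension tokens

@dataclass
class Chain:
    name: str
    policy: str
    rules: List[Rule] = field(default_factory=list)

def parse_listing(text: str) -> List[Chain]:
    chains: List[Chain] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = POLICY_RE.match(line)
        if m:
            chains.append(Chain(m.group(1), m.group(2)))
            continue
        m = USERCHAIN_RE.match(line)
        if m:
            chains.append(Chain(m.group(1), "-"))
            continue
        if line.startswith("pkts bytes target"):
            continue                      # column header line
        tok = line.split()
        pkts, byts, rest = tok[0], tok[1], tok[2:]
        # A rule may have no target at all (the FORWARD line in the question);
        # the protocol then sits directly after the byte counter.
        target = None if rest[0] in PROTOS else rest.pop(0)
        proto, _opt, in_if, out_if, src, dst = rest[:6]
        chains[-1].rules.append(Rule(int(pkts), byts, target, proto,
                                     in_if, out_if, src, dst, rest[6:]))
    return chains

def conditions(rule: Rule) -> List[str]:
    """All conditions a packet must satisfy (they are ANDed together)."""
    conds = []
    if rule.proto != "all":
        conds.append(f"protocol is {rule.proto}")
    if rule.in_if != "any":
        conds.append(f"arrives on interface {rule.in_if}")
    if rule.out_if != "any":
        conds.append(f"leaves on interface {rule.out_if}")
    if rule.src != "anywhere":
        conds.append(f"source address in {rule.src}")
    if rule.dst != "anywhere":
        conds.append(f"destination address in {rule.dst}")
    tok, i = rule.extras, 0
    while i < len(tok):
        t = tok[i]
        if t in PROTOS and i + 1 < len(tok) and ":" in tok[i + 1]:   # tcp spt:9091
            kind, port = tok[i + 1].split(":", 1)
            conds.append(f"{t} {'source' if kind == 'spt' else 'destination'} port is {port}")
            i += 2
        elif t == "multiport" and i + 2 < len(tok):                   # multiport dports ssh
            side = "destination" if tok[i + 1].startswith("d") else "source"
            conds.append(f"{side} port is one of {tok[i + 2]}")
            i += 3
        elif t == "owner" and i + 3 < len(tok) and tok[i + 2] == "match":   # owner GID match grp
            who = "group" if tok[i + 1] == "GID" else "user"
            conds.append(f"sending process's {who} is {tok[i + 3]}")
            i += 4
        elif t == "reject-with":          # how to reject, not a match condition
            i += 2
        else:                             # unknown extension: show it verbatim
            conds.append(f"extension '{t}'")
            i += 1
    return conds

def explain(rule: Rule) -> str:
    when = " AND ".join(conditions(rule)) or "always"
    action = rule.target or "(no target: count only)"
    return (f"{action} if {when}; otherwise go to the next rule "
            f"[matched so far: {rule.pkts} packets, {rule.bytes} bytes]")

# Sample listing copied from the question above.
SAMPLE = """
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
436 35225 f2b-sshd tcp -- any any anywhere anywhere multiport dports ssh
1085 221K ACCEPT all -- tun0 any anywhere anywhere
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 all -- any any anywhere anywhere
Chain OUTPUT (policy ACCEPT 4540 packets, 1267K bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- any enp3s0 anywhere 192.168.100.0/25 tcp spt:9091 owner GID match debian-transmission
0 0 ACCEPT udp -- any enp3s0 anywhere 192.168.100.0/25 udp spt:9091 owner GID match debian-transmission
2263 202K ACCEPT all -- any tun0 anywhere anywhere owner GID match debian-transmission
12 2581 ACCEPT all -- any lo anywhere anywhere owner GID match debian-transmission
0 0 REJECT all -- any any anywhere anywhere owner GID match debian-transmission reject-with icmp-port-unreachable
"""

if __name__ == "__main__":
    for chain in parse_listing(SAMPLE):
        print(f"== {chain.name} (policy {chain.policy}) ==")
        for r in chain.rules:
            print("  " + explain(r))
```

Run it as-is to see each chain spelled out; feed it the real output with `sudo iptables -L -v | python3 explain.py` after swapping `SAMPLE` for `sys.stdin.read()`. A zero in the first column simply means no packet has satisfied every condition of that rule since the counters were last reset.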